CVE-2024-51211

openSIS-Classic 9.1 (OS4ED) contains a SQL injection in resetuserinfo.php via improper input validation of the username_stn_id parameter, enabling an attacker to inject arbitrary SQL commands. Affected component/file: resetuserinfo.php in OS4ED openSIS-Classic version 9.1. Root cause: insufficien...